Given that I had a route that must accept either the code or the id of the object, is there any way in silex that I can detect which was passed to the route (numeric or not numeric) and then send either one variable or the other?
Eg.
/route/1 -> id for USA on the database
I send $id = 1 and $code = null to the controller
/route/US -> code for USA on the database
I send $id = null and $code = 'US' to the controller
I tried something like this, but it won't work
$apiRoutesV2
->get('/route/{code}{id}', 'controllers.myController:getIndex')
->value('id', null)
->assert('id', '[0-9]+')
->value('code', null)
->assert('code', '[a-zA-Z]+');
If both id and code can be empty, you can make one route with default values:
$app
->get('/route/{code}{id}', 'controllers.myController:getIndex')
->value('id', '')
->assert('id', '[0-9]*')
->value('code', '')
->assert('code', '[a-zA-Z]*');
If one of parameters should be filled add 2 routes:
$app
->get('/route/{id}', 'controllers.myController:getIndex')
->assert('id', '[0-9]+');
$app
->get('/route/{code}', 'controllers.myController:getIndex')
->assert('code', '[a-zA-Z]+');
Related
Here I like to explain my problem clearly, How can I restrict get request through URL in Yii2
this is my url:
http://localhost/school/backend/web/index.php?r=user%2Fview&id=42
here if I change the view id = 43, it showing the data of id 43, I don't want to get data through url. I want to restrict get request through url or how can I encrypt the id value
If I change my url manager to
'urlManager' => [
'enablePrettyUrl' => true,
'showScriptName' => false,
],
then am getting url like below
http://localhost/school/admin/user/view?id=42
here also if I change id=43 am getting the data of id 43
How can I do this. Help will be really appreciated.
Assuming the current scenario (let me know if i misunderstood something):
Company can see/add/edit People (that part you already did). Now, each Company can only do actions on your own People, not the others.
One Solution:
In your Company model you must have something like:
public function getPeoples()
{
return $this->hasMany(People::className(), ['id_people' => 'id']);
}
You can add another function just to return the Ids of the People:
public function getPeoplesIds()
{
return ArrayHelper::map($this->peoples, 'id', 'id');
}
Now in your controler you must rewrite your beforeAction function:
public function beforeAction($action){
$id = Yii::$app->request->get('id');
if($id && !Yii::$app->user->isGuest) {
$user = User::findOne(Yii::$app->user->getId());
$company = //Do the logic to get the company's user
if (! in_array($id, $company->peoplesIds) {
throw new NotFoundHttpException('The requested page does not exist.');
}
}
return parent::beforeAction($action);
}
With that, you are checking the $id before runing each action.
first of all you should think about your purpose .
why do you want to prevent user from getting another IDs ?
if they are not authorized to see other IDs you can easily authorize their requests : Yii2-authorization
otherwise , you can use a string key for your table and generate random strings for keys using Yii built in classes .
Yii2-security
My question can look stupid but I need to get in touch and get a decision. I want to pass parameters to url without the parameters being seen in the url. this is to secure my server. Because the url looks like this
controller/edit/123
and the '123' is the user ID in the database.
I can simple do this
public function action_edit($id) {
get_db_info($id);
}
Is it possible to hide the parameter while redirecting to this url from a view? ie in the view file
// Do something to set the ID
<?php Kohana_Request::post("user_id", $id); ?>
Click
and get the ID like this
public function action_edit() {
$id = $this->request->post("user_id");
get_db_info($id);
}
But the problem I can't access the KOhana_Request instance and get this error
*Non-static method Kohana_Request::post() should not be called statically*
Can someone gives a secured approach to this ?
I think I found a solution by encoding and decoding the parameters.
Since Kohana 3.3 do not allow parameters in controller functions see .
I do this in my view
$user_id = Encrypt::instance()->encode($liste->user_id);
$encode_id = base64_encode($user_id);
$encode_ure_id = urlencode($encode_id);
And from the controller,
$encoded_id = urldecode($this->request->param('uri_id'));
$encode_base_url = base64_decode($encoded_id);
$user_id = Encrypt::instance()->decode($encode_base_url);
If this can help others.
I was wondering how I would get a specific ID from an URL. ( If something like this is possible )
For example:
// You are here: http://test.be/certificate/create
// Saving new certificate
$search11 = $this->webDriver->findElement(WebDriverBy::id('certificate_save'));
$search11->click();
// You are here: http://test.be/certificate/11/basicinfo
// Here I need to get the ID so I can go to the next page
// You are here: http://test.be/certificate/11/holders
Basically I need the number after the /certificate/
Any suggestions? If something isn't clear feel free to ask.
Thanks in advance
Kind regards
You can get the url from the Driver object and extract the id from that, something like this:
string url = Driver.Url;
string[] parts = url.Split(new string[] { "/" }, StringSplitOptions.RemoveEmptyEntries);
int id = int.Parse(parts[3]);
EDIT: Sorry just seen you are using php, my code was in c#, the same logic can be used for php as well
$url = $driver->getCurrentURL();
$parts = explode('/', $url);
$id = $parts[4];
In my view I need to draw full URL. Like this:
http://hostename.com/default/url
When I try to use $this->url('default', array(1,2,3)) I get only /index/get/. Is there any Zend method to het host name or I have to use $_SERVER['HTTP_HOST'] instead?
You can use the option force_canonical on the router. All router options go into the third parameter of the url helper:
url($route, $params, $options)
So you can so something like this:
$this->url('myroute', array('id' => 123), array('force_canonical' => true))
I found this article with some interesting ways:
1) without parameters use an empty array:
// Using a route with the name "register" and the route "/register"
echo $this->url('register', array(), array('force_canonical' => true));
// Output: http://mydomain.com/register
2) note the differences between:
echo $this->serverUrl();
// Output: http://mydomain.com
and
// Current URL: http://mydomain.com/register
echo $this->serverUrl(true);
// Output: http://mydomain.com/register
3) starting from the route
// The "register" route has the following route: /register
echo $this->serverUrl($this->url('register'));
// Output: http://mydomain.com/register
There is a Zend\View\Helper\ServerUrl to create full url in zend view.
Try below code in your view template.
<?php echo $this->serverUrl()?>
If you want to set base URL globally, you can do it using onBootstrap method:
$e->getApplication()->getMvcEvent()->getRouter()->setBaseUrl($baseUrl);
In this case Navigation helpers would also use it.
To fetch current base URL use ServerUrl helper as described in this thread:
$serverUrl = $e->getApplication()->getServiceManager()->get('ViewHelperManager')->get('ServerUrl');
$baseUrl = $serverUrl->__invoke();
Unfortunately I need to accept a route parameter with an & in it. I have this route definition. The id parameter will sometimes have an & in it like this X&Y001.
routes.MapRoute(
"AffiliateEdit",
"Admin/EditAffiliate/{*id}",
new { controller = "UserAdministration", action = "EditAffiliate", id = ""}
);
I have tried working around this issue in the following ways however none of them have worked. All of these result in an HTTP 400 Bad Request error in the browser.
Edit
This gives me Edit
<%= Html.RouteLink("Edit", "AffiliateEdit", new { id = a.CustomerID }) %>
This gives me Edit
<%= Html.RouteLink("Edit", "AffiliateEdit", new { id = Url.Encode(a.CustomerID) }) %>
This gives me Edit
the only thing I can think of (which is a "dirty" solution) is to encode the & yourself. for example something like ##26##.
make sure to check the decoding algorithm only decodes the & ids and not some id that happens to contain ##26## for example.
A better solution depending on db size is to change the offending ids in the database.